Newsletters: Newsbites

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

Security managers and analysts, system and network administrators, auditors and forensic analysts will each find immersion training focused on their special needs, and all taught by the highest-rated instructors in the US. And it is all in Orlando Florida, in early April.
http://www.sans.org/sans2004*************************************************************************

Businesses worldwide lost an estimated $55 billion due to computer worms in 2003, according to Trend Micro. Losses in 2002 were between $20 and $30 billion, up from $13 billion in 2001. Trend Micro predicts that figure will increase again in 2004; the company also believes that blended threats will continue to be the attack of choice. -http://news.com.com/2102-7349_3-5142144.html?tag=st_util_print

THE REST OF THE WEEK'S NEWS

Representative Adam Putnam (R-Fla.), chairman of the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, has scheduled 22 hearings to be held during the next 4-week session. The committee plans to address systems security and FISMA compliance, SCADA security in the nation's critical infrastructure, information security and information sharing analysis centers (ISAC) and patch management. -http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=24657

Northwest Airlines Admits it Gave Passenger Information to Government (19 January 2004)

Following JetBlue Airways' admission that it gave passenger records to a defense contractor, Northwest Airlines said it gave passenger information to the US government, as part of a security project, in the months following the September 11 attacks. Northwest also said that company spokesman Kurt Ebenhoch and chief executive Richard Anderson were unaware of the company's participation in the secret government project when they denied the company had provided passenger information to the government. -http://www.eweek.com/print_article/0,3048,a=116813,00.asp-http://www.eweek.com/print_article/0,3048,a=116814,00.asp

Trial of Alleged Blaster-F Author Set to Commence (19 January 2004)

The trial of the Romanian man accused of creating the Blaster-F worm begins on Friday, January 23. Dan Dumitru Ciobanu could face between three and fifteen years in prison under new Romanian cyber crime laws. -http://www.theregister.co.uk/content/56/34976.html

UK Teen to be sentenced for Fermi Lab Computer Break-Ins (19 January 2004)

Sentencing for UK teenager Joseph McElroy, who in October pleaded guilty to breaking into 17 computers at the Fermi National Accelerator Laboratory in Illinois, is set for February 2. The US government is seeking $37,000 compensation, for damage and disruption. -http://www.theregister.co.uk/content/55/34972.html[Editor's Note (Shpantzer): One of the interesting aspects of this case was how the Fermi lab personnel detected this intruder. The backup administrators noticed that some machines were taking very long to save to tape, and started to wonder what was going on. That's when they discovered the cache of media files planted by an outsider. -http://www.securityfocus.com/news/6352]

The Weakest Link (19 January 2004)

Australian Man to be Tried for Accessing and Modifying Girlfriend's e-Mail Account (16 January 2004)

A man from Berrimah, Darwin (Australia) has been charged "with unlawfully accessing a computer intending to cause loss and unlawfully causing modification of data." Craig Henry Griffis allegedly accessed his girlfriend's e-mail account, deleted some messages and copied others; he also allegedly changed her password so she could not access her e-mail. It is apparently the first case of its kind in Australia's Northern Territory. -http://www.themercury.news.com.au/printpage/0,5942,8404915,00.html

The United States Sentencing Commission (USSC) has published a request for comments on sentencing guidelines for those convicted under the CAN-SPAM Act. In particular, the commission wants feedback on how the use of deceptive techniques, various methods of address-gathering and the commission of more serious crimes should figure into the sentencing formula. -http://www.securityfocus.com/news/7846-http://www.ussc.gov/FEDREG/fedr0104.htm

House Democrats Critical of DHS Cybersecurity Efforts (16 January 2004)

Democrats on the House Homeland Security Select Committee issued a report critical of the current administration's homeland security efforts. Some of the criticism focused on the Homeland Security Department's (DHS) critical infrastructure cyber security efforts; the study points out that because the Critical Infrastructure Protection Board no longer exists, the top cybersecurity position in the government is now buried deep within DHS. -http://www.gcn.com/vol1_no1/daily-updates/24652-1.html-http://www.fcw.com/fcw/articles/2004/0112/web-turner-01-16-04.asp[Editor's Note (Schultz): You don't have to be a Democrat to be critical of the DHS's cyber security efforts (or lack thereof). This department needs at a minimum to drastically elevate the priority of cyber security. Schneier): I agree with most of the conclusions presented, even though they're doubtless motivated more by politics than facts. ]

New AMD Chips Help Prevent Malicious Code Execution (15 January 2004)

New technology in Advanced Micro Devices' Opteron and Athlon 64 processors can detect buffer overflows and thwart the possibility of malicious code being executed. Like most other processors, AMD's detect buffer overflows and trigger overflow exceptions. What makes the chips different is that any code that enters the processor after the overflow exception is labeled "nonexecutable."" -http://www.computerworld.com/printthis/2004/0,4814,89091,00.html

Public Safety Wireless Network Now Part of Project SafeCom (15 January 2004)

In the six months following the release of Windows 2000, Microsoft had issued 32 security advisories that included a total of 21 critical vulnerabilities. Six months after the release of Windows Server 2003, Microsoft had warned of 14 flaws, only 6 of which were deemed critical, a change that can be attributed in large part to the company's Trustworthy Computing Initiative. Some customers, however, have expressed concern that while the company may be making strides in releasing new software with fewer flaws, they aren't doing a very good job of securing widely used products that predate the Trustworthy Computing Initiative. -http://news.com.com/2102-7355_3-5141765.html?tag=st_util_print[Editor's Note (Schultz): Critics questioned whether Microsoft's Trusted Computing Initiative was anything more than a publicity ploy. The statistics in this news item show that Microsoft was indeed on track in making the bold decision to integrate sound software engineering practices in the code development process and to hold developers responsible for the security of the code they produce. Hopefully, the results Microsoft seems to have obtained will serve as an impetus for other software vendors to improve their software engineering practices, too. ]

Budget and Interoperability Problems Contribute to Stagnating PKI Implementation at Government Agencies (15 January 2004)

Stolen Computer Contains Airline Ticketing Data (14 January 2004)

Two computers were stolen from airline-owned financial transaction processing company Airlines Reporting Corp. (ARC). Though one of the computers was used to store airline ticketing information, a company statement says it believes the crime was one of property theft, not data theft. There is no indication the information has been abused. -http://www.computerworld.com/printthis/2004/0,4814,89062,00.html

The Danish Prime Minister's office will no longer distribute his speeches as Word documents; instead, the text of Anders Fogh Rasmussen's speeches will be made available as .pdf documents. The switch was made after a recently published speech was found to have been authored by a political ultra-liberalist; Rasmussen has been trying to distance himself from extremist politics. -http://www.smh.com.au/articles/2004/01/13/1073877800625.html

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit
http://portal.sans.org/